Service discovery protocols (SDPs) may facilitate the automatic detection of services offered by devices connected to a computer network. For example, client devices may distribute SDP messages that announce services offered by these client devices via an access point of a Wireless Local Area Network (WLAN). During the distribution of the SDP messages, the access point may extract information about the services from these messages and then store the information in a cache. Other client devices connected to the computer network may then discover these services by querying the access point for the information stored in the cache.
Unfortunately, while SDPs may facilitate automatic detection of services offered by the client devices connected to the computer network, SDPs may also enable attackers to “poison” the cache that stores the information about these services. For example, an attacker may distribute one or more illegitimate SDP messages that announce fake and/or non-existent services. Additionally or alternatively, an attacker may distribute one or more illegitimate SDP messages that update the cache with false information about existing services.
Moreover, traditional access points may fail to authenticate the legitimacy of these SDP messages prior to extracting the service information from the SDP messages and/or storing the service information in the cache. As a result, these traditional access points may provide illegitimate service information to the client devices in response to their queries for the information stored in the cache. The client devices may then request, but fail to reach, one or more of the services identified in the illegitimate service information, potentially leading to wasted time and/or resources.
The instant disclosure, therefore, identifies and addresses a need for systems and methods for detecting cache-poisoning attacks in networks using SDPs.